efd7b1dfb4264ee74ed4d74cbb8d56c82daeef4363536e25c32bc58da63861c0

Resubmissions

08/03/2024, 07:02

240308-ht7c5aah7z 10

08/03/2024, 07:01

240308-hthprsah7v 1

07/03/2024, 18:00

240307-wlc17shf25 6

Sharing

Copy URL

Twitter E-mail

General

Target

1_npp.8.6.3.portable.x64.zip
Size

8.5MB
Sample

240307-wlc17shf25
MD5

74a2610a4b507b142a58b28e4e4bb324
SHA1

8c0d6f358fba7edb9bf22b36fa9051284616681e
SHA256

efd7b1dfb4264ee74ed4d74cbb8d56c82daeef4363536e25c32bc58da63861c0
SHA512

4f09c805d361655a3d27d3705777fe8d6e1e1697f7b57958b4d98827eede63aff6e6df92309e161c3ad502adfd5668ddec623717666c5c650aae35489347075e
SSDEEP

196608:e7HWKqkGTSOwUD7sR3M4KBCmbhOj+UIs1mkSK4VrnJP:e7Hb9OwnRX0lTsUHVrnJP

Score

6^/10

Malware Config

Targets

- Target
  
  npp.8.6.3.portable.x64/contextModel.html
- Size
  
  2.6MB
- MD5
  
  8f28087d8d0e716368314c2f1a159280
- SHA1
  
  7e383ae0f632c02ef98168b6c1a33fd449d6c393
- SHA256
  
  0b3731c524e6ba716f15087d85eae7e6225b6b51d4ae2fa6c142ff1523f57046
- SHA512
  
  aa21ab18a12a69ff25b24b1c255b0bdc7961985150b07a7f3f4b0909e212295bd781548cd8ea817f3144dfad845aff93df40a513bdb637db7b89bb08fff01eab
- SSDEEP
  
  49152:C+sGc1TASKVbmYIBotpg0TunuNeeigv0XIMw4h2pk4PxKS5VinRfepLm7j5:WTAfVbwotpgruNeW0VHhL3S5VicLaj5
Score

1^/10
behavioral1 behavioral2
- Target
  
  npp.8.6.3.portable.x64/langsMod.html
- Size
  
  646KB
- MD5
  
  2661f8272ada236cf3aeb9ce9323626c
- SHA1
  
  98683c358724eda64bd5c1df5df6d2af8bcedd15
- SHA256
  
  e451287843b3927c6046eaabd3e22b929bc1f445eec23a73b1398b115d02e4fb
- SHA512
  
  59179122d10d9bb17b5e929eccd1cbed6d4012d99622032fa883e82c2e704656ae66c0efe3daf9e42459ad7936d4838fceefc30eebf451158dd7cbdc0d18da5d
- SSDEEP
  
  12288:Ne9/rEo5t4OVoq54eyitAoC/9uwcitKUJAqxw5tG3:EFrECLVoQ4eyitAoC/9uwntKUfxw5c3
Score

1^/10
behavioral3 behavioral4
- Target
  
  npp.8.6.3.portable.x64/notepad.exe
- Size
  
  6.9MB
- MD5
  
  2cd84602fc2428e0db00dbce5e20dc80
- SHA1
  
  965a62dbba7cbb95b6a7694dc33963ffb105819a
- SHA256
  
  4e271372528a9b439d99a7376fc1ac9c67884226a2f7bcbe2f68694c80548287
- SHA512
  
  a6f715224a5e9ffb35833591bdc5cf1b76da479c2a6fd2108d921526708f918e6d5d2e9569c879d1d4c76e4606cdd271364b6f85acd8c811439bd08b61665fd2
- SSDEEP
  
  98304:QtGdbdZUv5vuLYgtbUK5b8PTnwe65w/mod:Rdbvou8guK52TP6525
Score

1^/10
behavioral5 behavioral6
- Target
  
  npp.8.6.3.portable.x64/plugins/Config/nppPluginList.dll
- Size
  
  204KB
- MD5
  
  18a0b5fef18fc27926a4aa3965374fea
- SHA1
  
  a1517a5c1356f00c63c60e464276b115ef7087e7
- SHA256
  
  fd046bbe51b6106ff41cf766ec002f2fd9e5ec18fb60c6c1b3224c0963036f85
- SHA512
  
  ea056caa9dfdd23df08bc47058246b4430e71ec4d2646055d11ed99e82d443397e48bc44a3c3532ff89e1b0eebb304453df3bb6935d558a91df6ce8da0b7d92c
- SSDEEP
  
  3072:8uQtUEW4pggQikeV29r97Fo/rg4aSuhJFAcT15fabjsKeBcHzmVR53vi:EtUr4/Dkq2FH51lQ/q
Score

1^/10
behavioral7 behavioral8
- Target
  
  npp.8.6.3.portable.x64/plugins/NppConverter/NppConverter.dll
- Size
  
  198KB
- MD5
  
  3469d4e293654053868b54ca8cf7c5c9
- SHA1
  
  48a77bd9369465efe93db1afc173836e38f1c63c
- SHA256
  
  d03c1a63ea0dfb0eb588168d36ffb6141f5780abe24c8c19873549788c1c7a6d
- SHA512
  
  3494869d7e1c80d8c6f1bb17cbc648e80ebdc6ce57fa9a66b1f341d3eb54304def7e5ce39ffd7e4798757ad6b966439c7feb15b7f56400bab98afce7259d047c
- SSDEEP
  
  3072:CsyQLpFufl6OPM07zq06MuUy8wqy9XGOeXLXTbi0A7zR9zk:NFLIl/M060Or6ucjb5AfR9
Score

1^/10
behavioral10 behavioral9
- Target
  
  npp.8.6.3.portable.x64/plugins/NppExport/NppExport.dll
- Size
  
  153KB
- MD5
  
  4f465c958622681513e45ced7fa456ad
- SHA1
  
  22766bd48fe89128c7242377053bcae532d35e70
- SHA256
  
  e0a90cd22bee74bf16b42961ea373303a74bebe3ac19107eb90c25c1687586c8
- SHA512
  
  9d27edb6c3ae548a56806dc63ff8259f52c089c1d0adf7193b9aed558735450555f434e73e5f264310cf555a7232bcc87668acf15a3641a18cff9414bb96eeac
- SSDEEP
  
  3072:2HWvf4whXRxCtyAKfbn52zwjMdsI54tWfdHak6yS:wWYwtRxCYAKfb5uwodsIjd6k6
Score

1^/10
behavioral11 behavioral12
- Target
  
  npp.8.6.3.portable.x64/plugins/mimeTools/mimeTools.dll
- Size
  
  145KB
- MD5
  
  0e5b6db1828fe3350974d503413aafba
- SHA1
  
  6ae2a9b1dbfe74065e7f3206acf31f9b4a2a0983
- SHA256
  
  4f2079cd2e228a2777df45ae00714c8679531fd8ad82a66b5c1b10e800771f18
- SHA512
  
  7dffd28f55618cba5bceb1f25a49a5d746b2efa381249dab9e7b4b33be0563b3775da0598f3b90129618f0942c754e905060d26022c2e9aee43576ae10907c43
- SSDEEP
  
  3072:w3/HUI6snUldCUzjueQtItkD4x5py8qLlCat4HVOtzNNG0vBxN049K7lH:w3H6snR+xzy8qLJ4VqNm49Q
Score

1^/10
behavioral13 behavioral14
- Target
  
  npp.8.6.3.portable.x64/updater/GUP.exe
- Size
  
  818KB
- MD5
  
  fabdd8cc1e50874481688659ea63b7ec
- SHA1
  
  d498dc918010810822902df29ce54ac1766fb446
- SHA256
  
  d056ae6e45a62a86199dcc7d0c696469374253fba05a45c877caf28b0b897df3
- SHA512
  
  1bda8cd73f00f0e7fd6a924ad6234dc47a183f3f4c5a40d5ca6cc0cdd116ee07fce7a1b744cba31ab2a491e89b23f653b5d38a74eaf5138e3289c799f99b7450
- SSDEEP
  
  12288:PySK0M5qRxaBr5wFNbgpA0WUVzOR63AczZXBS3CNmBDIOh68ADKbp34zZZ6dNNoQ:qqMo2aWqT2KbpIFZ6PNeTwt
Score

6^/10
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral15 behavioral16
- Target
  
  npp.8.6.3.portable.x64/updater/libcurl.dll
- Size
  
  728KB
- MD5
  
  2d031d5f3a4e10a94b1c8297d269e2c8
- SHA1
  
  dda72a32b31883ea021311a986a7166d2239cba6
- SHA256
  
  afce00c928629a699b2c253f4536e23350098fa1318275fad0677c5e8b09f0b5
- SHA512
  
  b18bbf6741a0149c9fc2ec6d9a7a3e684ec5bcce4ca9cb559dbac1c6fe853a4fa2d5eec3e9b9ba46fd8658be726e95a33205764fa4eb7e24060d4aae6ca11557
- SSDEEP
  
  12288:GvnFnd1uk7byyzwn5l2rsc2QwEBhdoqyTvl0cWmlqhKyMv:GVekCoa5l2P2B6hdQvl03msMy
Score

1^/10
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18